UCON MODEL

51000448 - Huỳnh Châu Duy

OUTLINEUCON

MODELWhat?

What for?When?Why?

CORE MODELS

16 basic models Example

COMPARISONTraditional

access control

DRM

CONCLUSION

UCON MODEL

UCON MODEL

WHAT?

WHEN?

WHAT FOR?

WHY?

TRADITIONAL ACCESS CONTROL Mandatory Access Control (MAC) Discretionary Access Control (DAC) Role Based Access Control (RBAC)

Focus in a closed system environment Not adequate for today’s distributed, network-

connected digital environment. Authorization only Decision is made before access No consumable rights Rights are pre-defined and granted to subjects

DIGITAL RIGHT MANAGEMENT(DRM) Controlling and tracking access to and use of

digital information objects at client-side. Mainly focus on intellectual property

rights protection. Lack of access control model.

PROBLEM

UCON MODEL

UCON MODEL

WHAT?

WHEN?

WHAT FOR?

WHY?

UCONABC MODEL COMPONENTS

UCONABC MODEL COMPONENTSSubjects

Attributes Consumer Subjects Provider Subjects Identifiee Subjects

Objects Attributes

Rights

WHAT IS UCONABC MODEL?

OBLIGATIONS

AUTHORIZATIONS

CONDITIONS

AUTHORIZATIONS Functional predicates that have to be

evaluated for usage decision. Return whether the subject(requester) is

allowed to perform the requested rights on the object.

Authorizations can be either pre-authorizations (preA) or ongoing-authorizations (onA).

OBLIGATIONS Functional predicates that verify mandatory

requirements a subject has to perform before or during a usage exercise.

Obligations can be either pre-obligations (preB) or ongoing-obligations (onB)

CONDITIONS Environmental or system-oriented decision

factors. Unlike authorizations or obligations, condition

variables cannot be mutable. Evaluation of conditions cannot update any

subject or object attributes.

OUTLINEUCON

MODELWhat?

What for?When?Why?

CORE MODELS

16 basic models Example

COMPARISONTraditional

access control

DRM

CONCLUSION

CORE MODEL

The 16 basic UCONABC models

0immutable

1pre_update

2ongoing_updat

e

3post_updat

e

preA Y Y N Y

onA Y Y Y Y

preB Y Y N Y

onB Y Y Y Y

preC Y N N N

onC Y N N N

CORE MODEL

AUTHORIZATIONS preA

onA

CORE MODELpreApreA0

preA1

preA3

Example : - Pay-per-view (preUpdate) - Metered payment

(postUpdate)

CORE MODELonAonA0

onA1

onA2

onA3

Example : Pay-per-Minutes

CORE MODELOBLIGATIONS

preB

onB

CORE MODELpreBpreB0

preB1

preB3

Example : Free Internet Service

CORE MODELonBonB0

onB1

onB2

onB3

CORE MODELCONDITIONS

preC

onC

CORE MODEL Example :

Healthcare Education Long-distance phone Pre-paid phone card Click Ad within every 30 minutes Business Hour

OUTLINE

UCONMODEL What? What for? When?

Why?

CORE MODELS 16 basic models Example

COMPARISON Traditional access control DRM

CONCLUSION

COMPARISON

TraditionalAccess Control

•RBAC•MAC•DAC

UCON MODEL

•Authorizations•Obligations•Conditions

COMPARISON

DRM•pay-per-use•multiple credits

UCON MODEL

•Authorizations•Obligations•Conditions

OUTLINE

UCONMODEL What? What for? When?

Why?

CORE MODELS 16 basic models Example

COMPARISON Traditional access control DRM

CONCLUSION

CONSLUSION UCONABC leaves open the architecture and

mechanisms for providing trusted attributes.